CN110737448A - firmware encryption system containing microcontroller and firmware protection and upgrade method thereof - Google Patents
- Publication number
- CN110737448A (application CN201811031615.5A)
- Authority
- CN
- China
- Prior art keywords
- central control
- control system
- firmware
- program
- subsystem
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/60—Software deployment
- G06F8/65—Updates
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/121—Restricting unauthorised execution of programs
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02P—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
- Y02P90/00—Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
- Y02P90/02—Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]
Abstract
A firmware encryption system containing a microcontroller, and a firmware protection and upgrade method for it. The firmware encryption system comprises a central control system and a set of subsystems connected by a data line. The central control system and each subsystem contain a publicly released user application program and a system bootstrap program that is not released publicly. Each of them carries out a firmware verification within its own system and a firmware verification between the systems; only a system bootstrap program that has passed verification releases the key data of the user application program into a designated RAM area and continues to execute the user application program. The firmware verification information of the central control system and its subsystems is registered with a remote server and used for upgrade verification, and upgrades of the user application programs of both the subsystems and the central control system are carried out through the central control system. Key management is simple, firmware upgrades are carried out automatically over the network instead of by manual download, and the security of the firmware system is increased.
Description
Technical Field
The invention relates to firmware protection technology for instrument equipment, and in particular to a firmware encryption system containing a microcontroller and a firmware protection and upgrade method for it.
Background
Technology develops day by day, and to keep up with rapid market changes an enterprise's products are updated rapidly as well; behind each update lies a large development investment. Once a product enters the market, the enterprise worries that the design will be copied directly by illegal merchants and the released firmware stolen, so that pirated clone products appear quickly and the economic benefit of the company that did the research and development is seriously damaged.
Although the firmware of a control circuit board can be protected by forbidding the firmware from circulating at all, requiring the user to go through a company service channel every time the firmware needs to be handled is not feasible: on one hand it affects the user experience, on the other it adds unnecessary operating expense for the company. Firmware encryption protection therefore has to be managed so that, on one hand, firmware upgrades are opened to the user and, on the other, the firmware remains protected and cannot be cloned onto a counterfeit product even if a lawbreaker obtains it.
Disclosure of Invention
In order to solve the above problems, the present invention provides a firmware encryption system containing a microcontroller and a firmware protection and upgrade method for it, which update the firmware automatically when the device is networked, give legitimate users the best experience, and at the same time effectively prevent the firmware from being used illegally on counterfeit products.
The firmware encryption system containing a microcontroller comprises a central control system and a subsystem set connected through a data line, wherein the subsystem set comprises at least one subsystem;
the central control system comprises a publicly released user application program of the central control system and a system bootstrap program (BootLoader) of the central control system that is not released publicly, wherein the publicly released user application program of the central control system is encrypted before release and, when upgraded, is decrypted by the system bootstrap program of the central control system and replaces the original user application program;
the subsystem comprises a publicly released user application program of the subsystem and a system bootstrap program (BootLoader) of the subsystem that is not released publicly, wherein the publicly released user application program of the subsystem is encrypted before release and, when upgraded, is decrypted by the system bootstrap program of the central control system and transmitted to the subsystem through the data line;
the system bootstrap program of the central control system comprises a firmware matching validity detection module, a module for establishing a data link with an external remote server, an encryption and decryption module, and a data exchange module for exchanging data with the subsystems;
the system bootstrap program of the subsystem comprises a firmware matching validity detection module, an encryption and decryption module, and a data exchange module for exchanging data with the central control system;
the system bootstrap programs of the central control system and of the subsystems each include a block of encrypted data, and the encrypted data comprises the key data necessary for detecting the validity of the firmware match and for normal operation of the user application program;
the key data essential to normal operation of the user application program is released into a designated memory area only after the system bootstrap program has passed the firmware validity detection;
the firmware matching validity detection comprises detecting whether the firmware matches the hardware and detecting whether the central control system matches the subsystem;
the user application program areas of the central control system and of its subsystems each comprise a version information area recording the version information of the user application program.
Further, the system bootstrap program of the central control system includes the matching information required for detecting the validity of the firmware match, which comprises the hardware unique marker of the central control system, the version number of the system bootstrap program of the central control system, and the hardware unique marker of every subsystem paired with it;
the matching information required for detecting the validity of the firmware match included in the system bootstrap program of the subsystem comprises the hardware unique marker of the subsystem, the version number of the system bootstrap program of the subsystem, and the hardware unique marker of the central control system matched with it.
Further, the key data is encrypted and written into the system bootstrap area; the key used by the central control system for encryption corresponds to the version number of the system bootstrap program of the central control system, the key used by the subsystem for encryption corresponds to the version number of the system bootstrap program of the subsystem, the encryption algorithm is a symmetric algorithm, and the key is part of the firmware program of the system bootstrap program and is determined when the system bootstrap program leaves the factory.
A firmware protection and upgrade method for the firmware encryption system containing a microcontroller is as follows:
when the firmware is burned in before the equipment leaves the factory, a mutual association between the central control system and its subsystems is established and the association information is registered in an external server; whenever the equipment is started thereafter, the central control system and its subsystems each carry out firmware matching validity detection within their own system and firmware matching validity detection between the systems;
the central control system and the subsystem each comprise a system bootstrap program and a user application program, and the system bootstrap programs of the central control system and of the subsystem each decrypt the block of encrypted data stored in their system bootstrap program area to obtain the data required for matching detection and the key data indispensable for normal execution of the user application program;
after completing the firmware matching validity detection and before jumping to the user application program, the central control system automatically connects to the external remote server. If the server is reached, the central control system sends its system information to the server; the server checks from the received information whether the system is registered and whether a new firmware program exists. If a new firmware program exists, the server packages the firmware program together with the hardware unique marker of the system it belongs to, encrypts the package, and sends it to the central control system. The central control system decrypts it with the preset key, extracts the hardware unique marker contained in the data packet, and finds the corresponding system from its recorded matching information: if the update belongs to the central control system, the firmware program is written into the user application program area of the central control system; if the update belongs to a subsystem, the decrypted firmware is transmitted to the subsystem through the data exchange module of the central control system for updating. The central control system then sends an instruction to the server requesting that the record information be updated;
after completing the matching verification during system startup, the central control system and its subsystems each write the key data into the designated memory area, jump to the user application program area, and continue executing the user application program;
the key required for encryption on the remote server side corresponds to the version number of the system bootstrap program of the central control system, and the server assigns a key to each version of the central control system's system bootstrap program when it leaves the factory;
the memory area into which the key data is written is excluded from the range available to the system bootstrap program and the user application program when they are compiled, so that a running firmware program cannot overwrite that area and cause a program fault.
Further, the specific method for establishing the association between the central control system and the subsystems is as follows:
when the system is started for the first time, the central control system and its subsystems exchange their hardware unique markers and the version numbers of their system bootstrap programs and establish matching information; the central control system and its subsystems then each encrypt the matching information and store it in their designated secure area. While the information is being matched, the central control system connects to the external remote server and registers the hardware, and the matching information is recorded in the external remote server; the information registered in the server comprises the hardware unique marker of the central control system, the version number of the user application program of the central control system, the hardware unique markers of all connected subsystems, the version numbers of the user application programs of the subsystems, and the version numbers of the system bootstrap programs.
Further, the method of detecting the validity of the firmware match is as follows:
when the system is started, the central control system and the subsystem each read the hardware unique marker of their own system, then each read the block of encrypted data stored in their system bootstrap program area and decrypt it, and judge from the decrypted matching information and the hardware unique marker read in real time whether the firmware matches the system hardware; if the matching check of either the central control system or the subsystem fails, the program stops executing, and if the matching checks of both the central control system and the subsystem pass, the next matching check continues;
the subsystem sends its decrypted matching information to the central control system, and the central control system searches its own decrypted matching information for a matching record of that subsystem; if the corresponding matching information is found, the subsystem and the central control system are determined to match, the system is legitimate, and the subsequent programs continue to execute.
Further, when checking for a firmware update the central control system sends its system information to the server. The system information comprises, in encrypted form, the hardware unique marker of the central control system, the version number of the system bootstrap program of the central control system, the version number of the user application program of the central control system, and the hardware unique markers and user application program version numbers of all connected subsystems, together with the version number of the system bootstrap program of the central control system sent in clear text; the remote external server determines the key from the system bootstrap program version number received in clear text and uses it to decrypt and extract the system information.
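To make the boot-time match check (hardware marker against the decrypted record, then central-to-subsystem lookup) and the update round trip (bootloader version in clear, everything else encrypted, package bound to a hardware marker and routed by the central system) concrete, the following reference model is added here; it is not code from the patent or its applicant. It assumes HMAC-SHA256 in counter mode with an encrypt-then-MAC tag in place of the patent's unspecified "symmetric algorithm", a per-version key derived from a factory master secret, 8-byte hardware markers, and JSON record and message layouts; all of these are illustrative choices, not anything the patent specifies.

```python
import hashlib
import hmac
import json
import secrets

HW_ID_LEN = 8  # assumed length of the hardware unique marker; the patent fixes no size


def derive_key(factory_master: bytes, bl_version: int) -> bytes:
    """One symmetric key per bootloader version (assumed HMAC-based derivation;
    the patent only says the key 'corresponds to the version number')."""
    return hmac.new(factory_master, b"bootloader-v%d" % bl_version, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Stand-in for the patent's unspecified symmetric algorithm: HMAC-SHA256 in
    counter mode plus an encrypt-then-MAC tag, laid out as nonce || ct || tag."""
    nonce = secrets.token_bytes(12)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("bad tag: key of another bootloader version, or tampered data")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


# Factory burn-in: the matching record written into a bootloader's encrypted area
# (area 201 on the central system, 101 on a subsystem). Record layout is assumed.
def make_match_block(key: bytes, hw_id: bytes, bl_version: int, peers: list) -> bytes:
    rec = {"hw": hw_id.hex(), "bl": bl_version, "peers": [p.hex() for p in peers]}
    return seal(key, json.dumps(rec).encode())


# Boot step 1: does the decrypted record name the silicon we are running on?
def self_check(key: bytes, stored_block: bytes, hw_id_from_silicon: bytes):
    rec = json.loads(unseal(key, stored_block))
    if not hmac.compare_digest(bytes.fromhex(rec["hw"]), hw_id_from_silicon):
        return None  # bootloader halts here; key data is never released to RAM
    return rec


# Boot step 2: the subsystem sends its decrypted record; the central system looks it up
def pair_check(central_rec: dict, sub_rec: dict) -> bool:
    return sub_rec["hw"] in central_rec["peers"] and central_rec["hw"] in sub_rec["peers"]


# Update check: bootloader version in clear (the server picks the key from it),
# everything else sealed under that version's key.
def build_update_request(key: bytes, central_rec: dict, app_versions: dict) -> bytes:
    info = {"central": central_rec["hw"], "subs": central_rec["peers"], "app": app_versions}
    return central_rec["bl"].to_bytes(2, "big") + seal(key, json.dumps(info).encode())


def server_handle(master: bytes, registry: dict, catalog: dict, request: bytes):
    """Server side. registry: central hw -> set of registered subsystem hw;
    catalog: hw -> (newest app version, image). Returns a sealed 'hw_id || image'
    package for the first component that has newer firmware, else None."""
    key = derive_key(master, int.from_bytes(request[:2], "big"))
    info = json.loads(unseal(key, request[2:]))
    if registry.get(info["central"]) != set(info["subs"]):
        return None  # not registered, or paired differently from the factory record
    for hw in [info["central"], *info["subs"]]:
        if hw in catalog and catalog[hw][0] > info["app"][hw]:
            return seal(key, bytes.fromhex(hw) + catalog[hw][1])
    return None


def central_route_update(key: bytes, central_rec: dict, package: bytes):
    """Central system: decrypt, read the marker, route to its own app area or to
    the named subsystem over the data line. Unknown hardware is refused."""
    plain = unseal(key, package)
    hw, image = plain[:HW_ID_LEN].hex(), plain[HW_ID_LEN:]
    if hw == central_rec["hw"]:
        return "central", image
    if hw in central_rec["peers"]:
        return "subsystem:" + hw, image
    raise ValueError("update targets hardware not paired with this central system")


if __name__ == "__main__":
    master = b"factory master secret (constructed for this example)"
    key = derive_key(master, 3)
    central, sub, clone = bytes(range(8)), bytes(range(8, 16)), bytes(range(16, 24))
    central_blk = make_match_block(key, central, 3, [sub])
    sub_blk = make_match_block(key, sub, 3, [central])
    crec, srec = self_check(key, central_blk, central), self_check(key, sub_blk, sub)
    print("pairing ok:", pair_check(crec, srec))                               # True
    print("cloned flash boots:", self_check(key, sub_blk, clone) is not None)  # False
    registry = {central.hex(): {sub.hex()}}
    catalog = {sub.hex(): (2, b"subsystem app v2 image (constructed)")}
    req = build_update_request(key, crec, {central.hex(): 1, sub.hex(): 1})
    pkg = server_handle(master, registry, catalog, req)
    print("routed to:", central_route_update(key, crec, pkg)[0])  # subsystem:08090a0b0c0d0e0f
```

Two things the model makes visible. A subsystem's flash image copied onto another board decrypts cleanly (same bootloader, same key) but fails `self_check`, because the marker inside the record no longer equals the one read from the silicon; and a request or package sealed under the key of a different bootloader version fails the tag check before anything is parsed. The caveat a practitioner would add is that the patent places the key inside the bootloader firmware itself, so the confidentiality of the bootloader area (the microcontroller's flash read-out protection) is part of the trust base: whoever can read that area out has the key, and the encrypted marker then provides no further protection.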
Compared with the prior art, the firmware encryption system containing a microcontroller and its firmware protection and upgrade method have the following advantages:
1. The subsystems and the central control system use a multiple protection mechanism: each must first pass its own internal firmware verification, then the subsystems and the central control system must pass the verification between them, and only after the remote server's verification can the firmware program be upgraded.
2. The central control system downloads the update program automatically over the network, so the user never has the opportunity to handle the firmware program directly, which reduces the opportunity for firmware leakage; the firmware program issued by the server is encrypted, so even an imitator who obtains the firmware program cannot use it.
3. The unique marker used in the hardware verification is encrypted before being stored and only then written into memory, which makes the hardware marker verification harder to defeat.
4. The user application program is decrypted in advance by the central controller when it is updated, and program protection is achieved by encrypting only a very small amount of key data; the firmware program decrypts only that key data each time, so the whole or most of the user application program does not have to be decrypted every time the program executes, which greatly saves machine resources.
5. The decryption key corresponds to the version number of the system bootstrap program of the central control system, which keeps maintenance simple while the firmware remains protected by encryption.
Drawings
FIG. 1 is a system architecture diagram of a firmware encryption system incorporating a microcontroller.
FIG. 2 is a system framework diagram of a subsystem in a firmware encryption system including a microcontroller.
Fig. 3 is a system framework diagram of a central control system in a firmware encryption system including a microcontroller.
Detailed Description
As shown in FIG. 1, the firmware encryption system containing a microcontroller according to the present invention comprises a central control system and a subsystem set connected by a data line, where the subsystem set comprises at least one subsystem; the subsystem set shown in FIG. 1 comprises four subsystems A, B, C and D.
Further, the firmware of the central control system and of the subsystems is checked against the matching check information stored in each system, and if a mismatch is found the system enters a halt state.
FIG. 2 is a system framework diagram of a subsystem. The firmware system of the subsystem comprises a system boot program (Bootloader) area that is not released publicly and a publicly released user application program. The system boot program (Bootloader) is the program executed first after the system is powered on; at its most basic, a system boot program sets up the interrupt vectors and program entry of the firmware program and jumps to the user application program entry. The publicly released user application program is encrypted when released.
Further, the system boot program of the subsystem includes a program function area 100 and an encrypted data storage area 101. The system boot program function area 100 includes, but is not limited to, a firmware match validity check module, an encryption/decryption module, and a data exchange module for exchanging data with the central control system. The encrypted data storage area 101 contains the key data necessary for detecting the validity of the firmware match and for normal operation of the user application.
Further, the hardware unique marker stored in the encrypted data storage area 101 is encrypted with a key corresponding to the version number of the system boot program, which is determined at the time of factory shipment. Even if the memory is copied maliciously and the hardware unique marker is obtained by other means, the unique marker stored in the encrypted area is encrypted, which prevents the matching information from being cracked maliciously.
Further, the user application program area includes a program function area 110 and a version information area 111. The version information area 111 records the version number of the current firmware program, which is used to determine whether to update.
In some embodiments, as shown in FIG. 2, the random access memory (RAM) of the subsystem comprises a normal RAM area 120 and a RAM area 121 for storing key data. If the system boot program passes the matching verification, the key data is written into the key data area 121 of the RAM; this is the data necessary for correct execution of the user application program, typical examples being the entry address of a key function, execution parameters such as a calculation factor of some key data, and the assignment of some key global variable.
The firmware system of the central control system comprises a system boot program (Bootloader) that is not released publicly and a publicly released user application program. The system boot program is the program executed first after the system is powered on; at its most basic, a system boot program sets up the interrupt vectors and program entry of the firmware program and jumps to the firmware program entry.
Further, the system boot program of the central control system includes a program function area 200 and an encrypted data storage area 201. The system boot program function area 200 includes, but is not limited to, a firmware match validity detection module, a module for establishing a data link with an external remote server, an encryption/decryption module, and a data exchange module for exchanging data with the subsystems. The encrypted data storage area 201 includes, but is not limited to, the hardware unique marker of the central control system, the hardware unique markers of the subsystems paired with the central control system together with the version information of their system boot programs, and the matching information for all subsystems.
The encrypted area 201 of the central control system contains the matching information records for the subsystems. As shown in FIG. 3, the central control system has established a connection relationship with four subsystems, and each matching information record comprises the hardware unique marker of the central control system, the hardware unique marker of the subsystem associated with it, the system boot version number of the subsystem, and the user application version number of the subsystem.
Further, the hardware unique marker stored in the encrypted data storage area 201 is encrypted with a key corresponding to the version number of the system boot program, which is determined at the time of factory shipment. Even if the memory is copied maliciously and the hardware unique marker is obtained by other means, the unique marker stored in the encrypted area is encrypted, which prevents the matching information from being cracked maliciously.
Further, the user application area includes a program function area 210 and a version information area 211. The version information area 211 records the version number of the current user application, which is used to determine whether an update is required.
In some embodiments, as shown in FIG. 3, the random access memory (RAM) of the central control system includes a normal RAM area 220 and a RAM area 221 for storing critical data. If the system boot program passes the matching verification, the critical data is written into the critical data area 221 of the RAM; this is the data essential for correct execution of the user application program 210, and may be the entry address of a critical function or other execution parameters such as a calculation factor of some critical data or the assignment of some critical global variable.
In preferred embodiments, the firmware encryption system including a microcontroller according to the present invention comprises a central control system and a subsystem set connected by a data line, wherein the subsystem set comprises a plurality of subsystems;
the central control system comprises a user application program of the central control system which is published publicly and a system bootstrap program (BootLoader) of the central control system which is not published publicly, wherein the user application program of the central control system which is published publicly is encrypted before being published and is decrypted by the system bootstrap program of the central control system and replaces the original user application program when being upgraded;
the subsystem comprises a user application program of the publicly released subsystem and a system bootstrap program (BootLoader) of the non-publicly released subsystem, wherein the user application program of the publicly released subsystem is encrypted before being released and is decrypted by the system bootstrap program of the central control system during upgrading and is transmitted to the subsystem through a data line;
the system boot program of the central control system comprises a firmware matching validity detection module, a module for establishing data link with an external remote server, an encryption and decryption module and a data exchange module for exchanging data with the subsystem;
the system boot program of the subsystem comprises a firmware matching validity detection module, an encryption and decryption module and a data exchange module for exchanging data with the central control system;
blocks of encrypted data areas 201 and 101 are respectively included in the system boot programs of the central control system and the subsystems, and the encrypted data comprise key data which are necessary for detecting the validity of the firmware matching and normally operating the user application program;
essential key data of the normal operation of the user application program are released to a specified memory area after the system boot program passes the firmware validity detection;
the firmware matching validity detection comprises detecting whether the firmware is matched with the hardware and detecting whether the central control system is matched with the subsystem;
the user application program area of the central control system and its subsystems respectively includes version information areas 211 and 111 for recording the version information of the user application program.
, the system boot program of the central control system includes the matching information required for detecting the validity of the firmware match, which includes the hardware unique marker of the central control system, the version number of the system boot program of the central control system, and the hardware unique marker of every subsystems paired with the system boot program;
the matching information required for the detection of the validity of the firmware match included in the system boot program of the subsystem includes an -only marker of the hardware of the subsystem, a version number of the system boot program of the subsystem, and a -only marker of the hardware of the central control system matched therewith.
, the key data is encrypted and written to the system boot area, the key used by the central control system for encryption corresponds to the version number of the system boot program of the central control system, the key used by the subsystem for encryption corresponds to the version number of the system boot program of the subsystem, the encryption algorithm is a symmetric algorithm, and the key is part of the firmware program of the system boot program and is determined when the system boot program is delivered from the factory.
A firmware protection and upgrade method for firmware encryption system including microcontroller is as follows:
establishing a mutual association relation between a central control system and subsystems when firmware sintering is carried out before equipment leaves a factory, registering association information in an external server, and respectively carrying out firmware matching validity detection in the system and firmware matching validity detection between the systems by the central control system and the subsystems thereof when the equipment is started later;
the central control system and the subsystem respectively comprise a system bootstrap program and a user application program, and the system bootstrap program of the central control system and the subsystem decrypts sections of encrypted data (201 and 101) stored in a system bootstrap program area to obtain data required by the matching detection and key data indispensable for normal execution of the user application program;
Before completing the firmware matching validity detection and jumping to the user application program, the central control system automatically connects to an external remote server. If the server is reachable, the central control system sends its system information to the server; the server checks, from the received information, whether the system is registered and whether a new firmware program exists. If a new firmware program exists, the server packages the firmware program together with the hardware unique marker of the system it belongs to, encrypts the package and sends it to the central control system. The central control system decrypts the package with its preset key, extracts the hardware unique marker contained in the data packet from the firmware program and, using the recorded matching information, finds the corresponding system: if the update belongs to the central control system, the firmware is written into the user application program area of the central control system; if the update belongs to a subsystem, the decrypted firmware is transmitted to that subsystem through the data exchange module of the central control system for updating. Finally, the central control system sends an instruction to the server to update the recorded information;
After completing the matching verification during system startup, the central control system and its subsystems each write the key data into their designated memory areas (221 and 121), jump to the user application program area and continue executing the user application program;
The key required for encryption at the remote server side corresponds to the version number of the system bootstrap program of the central control system; the server assigns a key to each version of the central control system's bootstrap program when the system leaves the factory;
The memory area into which the key data are written is excluded from the range available to the system boot program and the user application program at compile time, so that an executing firmware program cannot overwrite that area and cause a program fault.
The user application programs of the central control system and its subsystems are updated automatically over the network, so the user never handles the firmware program directly, which reduces the possibility of cracking it.
The specific method for establishing the association between the central control system and the subsystems comprises:
When the system is started for the first time, the central control system and its subsystems exchange their hardware unique markers and the version numbers of their system bootstrap programs and establish the matching information. The central control system and its subsystems then each encrypt the matching information and store it in a designated secure region. While performing the information matching, the central control system connects to the external remote server and registers the hardware, and the matching information is recorded at the external remote server; the information registered at the server comprises the hardware unique marker of the central control system, the version number of the user application program of the central control system, the hardware unique markers of all connected subsystems, the version numbers of the user application programs of the subsystems and the version number of the system bootstrap program.
The method for detecting the validity of the firmware matching specifically comprises the following steps:
When the system is started, the central control system and the subsystem each read their own hardware unique marker, then each read the block of encrypted data stored in their system boot program area and decrypt it, and judge whether the firmware matches the system hardware by comparing the decrypted matching information with the hardware unique marker just read. If the matching check of either the central control system or the subsystem fails, the program stops executing; if the matching checks of both the central control system and the subsystem pass, the next matching check continues;
The subsystem sends its decrypted matching information to the central control system, and the central control system searches its own decrypted matching information for a matching record of that subsystem. If the corresponding matching information is found, the subsystem and the central control system are determined to match, the system is legitimate, and the subsequent programs continue to execute.
When checking for a firmware update, the central control system sends its system information to the server. The system information comprises, in encrypted form, the hardware unique marker of the central control system, the version number of the system boot program of the central control system, the version number of the user application program of the central control system, and the hardware unique markers and user application program version numbers of all connected subsystems, together with the version number of the system boot program of the central control system sent in the clear. The remote external server selects the key according to the version number of the system boot program received in the clear, then decrypts and extracts the system information.
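The association step, the two-stage matching check at startup, the update-check message with the bootloader version in the clear, and the routing of a downloaded update by its attached hardware marker, modelled end to end as an added example. This is not the patent's code or a vendor implementation: it uses only the Python standard library, stands in for the unnamed "symmetric algorithm" with an HMAC-SHA256 keystream plus an HMAC tag (a real bootloader would use an AEAD such as AES-GCM), and every marker, version number and key is a constructed demo value. It goes slightly beyond the text in one respect: the clear-text version number is bound to the ciphertext as authenticated associated data, so a modified version field is rejected instead of silently selecting the wrong key.

```python
# Added example, not the patent's own code: a stand-alone model of the scheme
# described above, standard library only. seal()/open_() stand in for the
# unnamed symmetric algorithm (HMAC-SHA256 keystream + HMAC tag); all markers,
# versions and keys are constructed demo values.
import hashlib
import hmac
import json
import os
import struct

def key_for(boot_version: str) -> bytes:
    """Factory key table: one symmetric key per bootloader version (constructed)."""
    return hashlib.sha256(b"demo-factory-secret|" + boot_version.encode()).digest()

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = [hmac.new(key, nonce + struct.pack(">I", i), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]

def seal(key: bytes, plaintext: bytes, aad: bytes = b"") -> bytes:
    """nonce || ciphertext || tag; aad is authenticated but travels in the clear."""
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac|" + aad + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def open_(key: bytes, blob: bytes, aad: bytes = b""):
    """Plaintext, or None when the tag (hence key, aad or ciphertext) is wrong."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(key, b"mac|" + aad + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))

class Device:
    """One MCU: marker reported by its silicon, bootloader version, and the encrypted block kept in the bootloader flash area."""
    def __init__(self, hw_marker: str, boot_version: str):
        self.hw_marker, self.boot_version, self.secure_block = hw_marker, boot_version, None

def associate(central: Device, subsystems: list) -> dict:
    """First boot at the factory: exchange markers/versions, each side encrypts its own matching info; the returned dict is what the server registers."""
    c_info = {"hw": central.hw_marker, "boot": central.boot_version,
              "peers": [s.hw_marker for s in subsystems]}
    central.secure_block = seal(key_for(central.boot_version), json.dumps(c_info).encode())
    for s in subsystems:
        s_info = {"hw": s.hw_marker, "boot": s.boot_version, "peer": central.hw_marker}
        s.secure_block = seal(key_for(s.boot_version), json.dumps(s_info).encode())
    return c_info

def local_check(dev: Device):
    """Stage 1, run by every MCU at startup: decrypt the stored block and compare it with the marker read from the silicon now. None means halt."""
    pt = open_(key_for(dev.boot_version), dev.secure_block)
    if pt is None:
        return None                       # block tampered with, or wrong-version key
    info = json.loads(pt)
    return info if info["hw"] == dev.hw_marker else None   # image copied to another board

def cross_check(c_info: dict, s_info: dict) -> bool:
    """Stage 2: the central must hold a record for the subsystem's marker, and the subsystem must name this central as its peer."""
    return s_info["hw"] in c_info["peers"] and s_info["peer"] == c_info["hw"]

def boot(central: Device, subsystems: list) -> bool:
    """Whole startup sequence; True only when every device and every pairing passes."""
    c_info = local_check(central)
    if c_info is None:
        return False
    for s in subsystems:
        s_info = local_check(s)
        if s_info is None or not cross_check(c_info, s_info):
            return False
    return True

def system_info_message(central: Device, c_info: dict) -> bytes:
    """Update check: bootloader version in the clear (and as AAD) so the server can pick the key; the rest encrypted under that key."""
    ver = central.boot_version.encode()
    body = json.dumps({"hw": c_info["hw"], "peers": c_info["peers"]}).encode()
    return bytes([len(ver)]) + ver + seal(key_for(central.boot_version), body, aad=ver)

def server_parse(msg: bytes):
    """Server side: read the clear-text version, select the key, decrypt the rest."""
    ver, blob = msg[1:1 + msg[0]], msg[1 + msg[0]:]
    pt = open_(key_for(ver.decode()), blob, aad=ver)
    return None if pt is None else json.loads(pt)

def package_update(boot_version: str, target_hw: str, firmware: bytes) -> bytes:
    """Server side: firmware plus the marker of the MCU it is for, under the central's bootloader-version key."""
    pkg = {"target": target_hw, "fw": firmware.hex()}
    return seal(key_for(boot_version), json.dumps(pkg).encode())

def route_update(central: Device, c_info: dict, blob: bytes):
    """Central side: decrypt, then use the attached marker to keep the image or forward it over the data link to a matched subsystem."""
    pt = open_(key_for(central.boot_version), blob)
    if pt is None:
        return None
    pkg = json.loads(pt)
    fw = bytes.fromhex(pkg["fw"])
    if pkg["target"] == c_info["hw"]:
        return ("self", fw)
    if pkg["target"] in c_info["peers"]:
        return ("subsystem", pkg["target"], fw)
    return None                           # marker unknown to this system: discard
```

The property that defeats a straight copy of flash to another board is the comparison in `local_check` between the decrypted marker and the marker the silicon reports at that moment; the cross check then defeats a swapped subsystem that carries a valid block for a different central. Note that, exactly as the text describes, every device sharing a bootloader version also shares the key for that version, so the scheme's strength rests on the non-published bootloader (and the server's key table) staying confidential; an authenticated encryption mode, as used here, additionally makes a modified block or update fail closed rather than decrypt to garbage.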
Compared with the prior art, the firmware protection and upgrade method of the firmware encryption system containing a microcontroller encrypts only a small amount of key data of the firmware (including the hardware unique marker), so the software resource cost of decryption is quite low. The hardware unique marker is stored in a secure storage area after encryption; even if the key data were cracked by brute force, the hardware unique marker is itself written into the storage area in encrypted form and cannot easily be decrypted. The firmware matching information is also stored at an external remote server and firmware updates are controlled through that server, which raises the safety factor; the update procedure runs automatically over the network, reducing the risk of firmware leakage while ensuring that a legitimate user obtains the latest firmware.
In light of the foregoing description of the preferred embodiment of the present invention, many modifications and variations will be apparent to those skilled in the art without departing from the spirit and scope of the invention. The technical scope of the present invention is not limited to the content of the specification, and must be determined according to the scope of the claims.
Claims (7)
1. A firmware encryption system containing a microcontroller, characterized by comprising a central control system and a subsystem set connected by data lines;
the subsystem set includes at least one subsystem;
the central control system comprises a publicly released user application program of the central control system and a non-publicly released system bootstrap program (BootLoader) of the central control system, wherein the publicly released user application program of the central control system is encrypted before release and, when upgraded, is decrypted by the system bootstrap program of the central control system and replaces the original user application program;
the subsystem comprises a publicly released user application program of the subsystem and a non-publicly released system bootstrap program (BootLoader) of the subsystem, wherein the publicly released user application program of the subsystem is encrypted before release and, during upgrading, is decrypted by the system bootstrap program of the central control system and transmitted to the subsystem through a data line;
the system boot program of the central control system comprises a firmware matching validity detection module, a module for establishing data link with an external remote server, an encryption and decryption module and a data exchange module for exchanging data with the subsystem;
the system boot program of the subsystem comprises a firmware matching validity detection module, an encryption and decryption module and a data exchange module for exchanging data with the central control system;
the system boot programs of the central control system and of the subsystems each include a block of encrypted data storage area, and the encrypted data comprise key data that are necessary for detecting the validity of the firmware matching and for normal operation of the user application program;
the key data essential for normal operation of the user application program are released to a specified memory area after the system boot program passes the firmware validity detection;
the firmware matching validity detection comprises detecting whether the firmware is matched with the hardware and detecting whether the central control system is matched with the subsystem;
the user application program areas of the central control system and of its subsystems each comprise a version information area for recording the version information of the user application program.
2. The firmware encryption system including a microcontroller according to claim 1, wherein:
the matching information required for detecting the validity of the firmware matching, which is included in the system boot program of the central control system, comprises the hardware unique marker of the central control system, the version number of the system boot program of the central control system and the hardware unique marker of each subsystem matched with it;
the matching information required for detecting the validity of the firmware matching, which is included in the system boot program of the subsystem, comprises the hardware unique marker of the subsystem, the version number of the system boot program of the subsystem, and the hardware unique marker of the central control system matched with it.
3. The firmware encryption system including a microcontroller according to claim 1, wherein:
the key data is encrypted and written into a system boot area;
the key used by the central control system for encryption corresponds to the version number of the system boot program of the central control system;
the encryption key of the subsystem corresponds to the version number of the system boot program of the subsystem;
the encryption algorithm is a symmetric algorithm;
the key is part of the firmware program of the system boot program and is determined at the time of factory shipment.
4. A firmware protection and upgrade method for a firmware encryption system including a microcontroller, characterized in that:
the method comprises the following specific steps:
establishing a mutual association between a central control system and its subsystems when the firmware is burned (flashed) before the equipment leaves the factory, registering the association information at an external server, and, when the equipment is subsequently started, having the central control system and its subsystems each carry out firmware matching validity detection within the system and firmware matching validity detection between the systems;
the central control system and the subsystem each comprise a system bootstrap program and a user application program, and the system bootstrap programs of the central control system and of the subsystem each decrypt the encrypted data stored in their system bootstrap program area to obtain the data required for the matching detection and the key data indispensable for normal execution of the user application program;
before completing the firmware matching validity detection and jumping to the user application program, the central control system automatically connects to an external remote server; if the server is reachable, the central control system sends its system information to the server, and the server checks, from the received information, whether the system is registered and whether a new firmware program exists; if a new firmware program exists, the server packages the firmware program together with the hardware unique marker of the system it belongs to, encrypts the package and sends it to the central control system; the central control system decrypts the package with its preset key, extracts the hardware unique marker contained in the data packet from the firmware program and, using the recorded matching information, finds the corresponding system; if the update belongs to the central control system, the firmware is written into the user application program area of the central control system, and if the update belongs to a subsystem, the decrypted firmware is transmitted to that subsystem through the data exchange module of the central control system for updating; the central control system then sends an instruction to the server to update the recorded information;
after completing the matching verification during system startup, the central control system and its subsystems each write the key data into the designated memory area, jump to the user application program area and continue executing the user application program;
the key required for encryption at the remote server side corresponds to the version number of the system bootstrap program of the central control system, and the server assigns a key to each version of the central control system's bootstrap program when the system leaves the factory;
the memory area into which the key data are written is excluded from the range available to the system boot program and the user application program at compile time, so that an executing firmware program cannot overwrite that area and cause a program fault.
5. The firmware protection and upgrade method of a firmware encryption system including a microcontroller according to claim 4, wherein:
the specific method for establishing the association between the central control system and the subsystems comprises the following steps:
when the system is started for the first time, the central control system and its subsystems exchange their hardware unique markers and the version numbers of their system bootstrap programs and establish the matching information; the central control system and its subsystems then each encrypt the matching information and store it in a designated secure region; while performing the information matching, the central control system connects to the external remote server and registers the hardware, and the matching information is recorded at the external remote server, wherein the information registered at the server comprises the hardware unique marker of the central control system, the version number of the user application program of the central control system, the hardware unique markers of all connected subsystems, the version numbers of the user application programs of the subsystems and the version number of the system bootstrap program.
6. The firmware protection and upgrade method of a firmware encryption system including a microcontroller according to claim 4, wherein the method for detecting the matching validity of the firmware comprises the following steps:
when the system is started, the central control system and the subsystem each read their own hardware unique marker, then each read the block of encrypted data stored in their system boot program area and decrypt it, and judge whether the firmware matches the system hardware by comparing the decrypted matching information with the hardware unique marker just read; if the matching check of either the central control system or the subsystem fails, the program stops executing, and if the matching checks of both the central control system and the subsystem pass, the next matching check continues;
the subsystem sends its decrypted matching information to the central control system, and the central control system searches its own decrypted matching information for a matching record of that subsystem; if the corresponding matching information is found, the subsystem and the central control system are determined to match, the system is legitimate, and the subsequent programs continue to execute.
7. The firmware protection and upgrade method of a firmware encryption system including a microcontroller according to claim 4, wherein:
the central control system sends the system information to the server when checking for a firmware update, wherein the system information comprises an encrypted hardware unique marker of the central control system, a version number of the system bootstrap program of the central control system, a version number of the user application program of the central control system, the hardware unique markers and user application program version numbers of all subsystems connected with the central control system, and a version number of the system bootstrap program of the central control system sent in clear text;
and the remote external server determines the secret key according to the version number of the system bootstrap program received in plaintext, then decrypts and extracts the system information.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811031615.5A CN110737448B (en) | 2018-09-05 | 2018-09-05 | Firmware encryption system comprising microcontroller and firmware protection and upgrading method thereof |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110737448A true CN110737448A (en) | 2020-01-31 |
CN110737448B CN110737448B (en) | 2023-08-11 |
Family ID: 69236609
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811031615.5A Active CN110737448B (en) | 2018-09-05 | 2018-09-05 | Firmware encryption system comprising microcontroller and firmware protection and upgrading method thereof |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110737448B (en) |
Citations (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2001045414A2 (en) * | 1999-12-15 | 2001-06-21 | Conexant Systems, Inc. | System of and method for secure firmware update and loading of cable modem |
CA2530107A1 (en) * | 2001-05-10 | 2002-11-10 | Ranco Incorporated Of Delaware | System and method for securely upgrading firmware |
US20020188934A1 (en) * | 2001-06-12 | 2002-12-12 | Nortel Networks Limited | Method and system for upgrading existing firmware on third party hardware |
US20080229114A1 (en) * | 2007-03-15 | 2008-09-18 | Ricoh Company, Ltd. | Information processing apparatus, software update method, and image processing apparatus |
JP2009230399A (en) * | 2008-03-21 | 2009-10-08 | Fuji Xerox Co Ltd | Firmware update system and firmware update program |
US20130111455A1 (en) * | 2010-08-27 | 2013-05-02 | Huawei Device Co., Ltd. | Method for processing firmware based on firmware over the air technology, apparatus, and system |
CN103207800A (en) * | 2013-04-24 | 2013-07-17 | 厦门亿联网络技术股份有限公司 | Method for safely and flexibly upgrading firmware |
CN103942075A (en) * | 2014-04-09 | 2014-07-23 | 苏州汇川技术有限公司 | System and method for programming elevator controller firmware |
US20140208114A1 (en) * | 2013-01-18 | 2014-07-24 | Neopost Technologies | System and method for massive controlled and secured update of devices firmware |
CN105608345A (en) * | 2015-12-21 | 2016-05-25 | 上海华测导航技术股份有限公司 | Stm32 boot program encryption method |
US20160306977A1 (en) * | 2014-12-22 | 2016-10-20 | Capital One Services, LLC. | System and methods for secure firmware validation |
WO2017013134A1 (en) * | 2015-07-23 | 2017-01-26 | Phoenix Contact Gmbh & Co.Kg | Method and system for firmware-updating a control device for process control |
CN107395389A (en) * | 2017-03-28 | 2017-11-24 | 厦门亚锝电子科技有限公司 | A kind of light modulator firmware upgrade method based on bluetooth Mesh network |
WO2018138789A1 (en) * | 2017-01-25 | 2018-08-02 | 三菱電機株式会社 | Built-in device and firmware update method |
- 2018-09-05: CN201811031615.5A (CN110737448B) active
Non-Patent Citations (3)
Title |
---|
LINKSAFE2014: "MCU Encryption Technology Analysis (Part 2)" * |
云利军; 孙鹤旭; 雷兆明; 王炜: "Research on a Networked Motion Controller Based on SynqNet", no. 02 * |
方兵兵; 闻路红: "Remote Firmware Upgrade of Embedded Devices Based on TFTP and AES", no. 02 * |
Also Published As
Publication number | Publication date |
---|---|
CN110737448B (en) | 2023-08-11 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10915633B2 (en) | Method and apparatus for device security verification utilizing a virtual trusted computing base | |
JP4906854B2 (en) | Information processing apparatus, information recording apparatus, information processing system, program update method, program, and integrated circuit | |
EP1907917B1 (en) | Secure software updates | |
US8660964B2 (en) | Secure device licensing | |
KR101265099B1 (en) | A Method For Software Security Treatment And A Storage Medium | |
US20030196096A1 (en) | Microcode patch authentication | |
US20140059679A1 (en) | Software updating apparatus, software updating system, invalidation method, and invalidation program | |
US20070217614A1 (en) | Program update method and server | |
CN101308538B (en) | Method and apparatus for checking integrity of firmware | |
US9225692B2 (en) | Method and system for protected transmission of files | |
US8745735B2 (en) | Monitoring system, program-executing device, monitoring program, recording medium and integrated circuit | |
US20130339734A1 (en) | Secure Method and System for Remote Field Upgrade of Power Device Firmware | |
CN106384042A (en) | Electronic device and security system | |
US20080114685A1 (en) | System and method for preventing unauthorized installation of a software program | |
US11544354B2 (en) | System for secure provisioning and enforcement of system-on-chip (SOC) features | |
CN101305377A (en) | Communication terminal device, server terminal device, and communication system using the same | |
CN1988437A (en) | System and method for managing credible calculating platform key authorization data | |
KR101711024B1 (en) | Method for accessing temper-proof device and apparatus enabling of the method | |
CN105100030B (en) | Access control method, system and device | |
KR101226615B1 (en) | A Device For Software Obfuscation And A System For Software Security Treatment | |
CN110737448A (en) | firmware encryption system containing microcontroller and firmware protection and upgrade method thereof | |
EP3123384B1 (en) | Protecting an item of software | |
KR101906484B1 (en) | Method for application security and system for executing the method | |
CN114221769B (en) | Method and device for controlling software authorization permission based on container | |
CN116781359B (en) | Portal security design method using network isolation and cryptograph |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| GR01 | Patent grant | |